Thanks for the info, we'll have to check it out. Also thanks for supporting us and continue listening!
anon
· 1 year ago
Please don't take this the wrong way (I only mean this as positive/constructive criticism) I'm not trying to sound like a stickler but, many [actually almost all] of the stories/topics you guys talked about had flagrant factual/fundamental errors in them. One example was the last topic about the Air Force botnet; someone said that they were talking about using every computer in the US in the botnet and then the conversation just went south from there. The whole deal w/the Air Force botnet was that they wanted to use every and only military computers in that project. Another example is when someone said that it was ok to use a short password (dog) if you are using two-factor authentication. Last example, someone said that AES could be cracked in four or five years and that just made me cringe. I guess my point isn't to pick out flaws but, maybe to encourage you guys to do just a little more research before discussing something technical. As podcasters, (whether you like it or not) you guys are viewed as authorities on security and there's a responsibility that goes with that. No hard feelings I hope. :)
Chris
· 1 year ago
Anon: I appreciate the feedback. We were a bit drunk for Ep 2. I do want to address the responsibility issue. We do this as a hobby, as a way to have some fun discussion about security topics. I don't want to put false information out there, but we will inevitably make errors as we go along. Hopefully they are minor ones such as in this episode, and on the whole the information is somewhat useful to someone, although the main goal I have with this is entertainment.
Specifically regarding the two-factor authentication discussion though. Using the password "dog" is perfectly acceptable when requiring a hardware key such as the yubikey. Obviously the only downside is if someone steals your yubikey they could brute force your password quite easily, but then again, even if your password is j9jzFKD#@hfa85lhz, it doesn't matter because they have your key, and given enough time and processing power, will eventually crack it before the end of time anyway, so who cares, really? :)
Thanks for listening!
Anthony
· 1 year ago
Well they would love to be able to take control of every computer in the known world. The simple reason is that if you can do that you then have a foothold to know what and how attacks are being played out. This is however not practical and no likely to happen. Microsoft can't even get the foothold big enough to put it on every computer in the world. and trust me they would love to :)
But i second Chris's thoughts. This is fun, it is mean to bring a sense of awareness and topics that are new and not the ones that are covered every day. I look forward to more feedback!
Anthony
· 1 year ago
Securi-D, That is an awesome looking tool, and it is from Microsoft. Wow!
That could be handy from a troubleshooting perspective. I have to look and see if it will go in and replace the current devise manager or just be an add on or even a transparent side kick.
All Comments
I think this tool might let you active/de-activate the YoubaKey. If not you could always force an automatic reboot on your computer.
http://support.microsoft.com/default.aspx?scid=...
Dave
I'm not trying to sound like a stickler but, many [actually almost all] of the stories/topics you guys talked about had flagrant factual/fundamental errors in them. One example was the last topic about the Air Force botnet; someone said that they were talking about using every computer in the US in the botnet and then the conversation just went south from there. The whole deal w/the Air Force botnet was that they wanted to use every and only military computers in that project. Another example is when someone said that it was ok to use a short password (dog) if you are using two-factor authentication. Last example, someone said that AES could be cracked in four or five years and that just made me cringe. I guess my point isn't to pick out flaws but, maybe to encourage you guys to do just a little more research before discussing something technical. As podcasters, (whether you like it or not) you guys are viewed as authorities on security and there's a responsibility that goes with that. No hard feelings I hope. :)
Specifically regarding the two-factor authentication discussion though. Using the password "dog" is perfectly acceptable when requiring a hardware key such as the yubikey. Obviously the only downside is if someone steals your yubikey they could brute force your password quite easily, but then again, even if your password is j9jzFKD#@hfa85lhz, it doesn't matter because they have your key, and given enough time and processing power, will eventually crack it before the end of time anyway, so who cares, really? :)
Thanks for listening!
But i second Chris's thoughts. This is fun, it is mean to bring a sense of awareness and topics that are new and not the ones that are covered every day. I look forward to more feedback!
That is an awesome looking tool, and it is from Microsoft. Wow!
That could be handy from a troubleshooting perspective. I have to look and see if it will go in and replace the current devise manager or just be an add on or even a transparent side kick.
Thanks for that link to the tool.
Anthony